1.16.2 (September 19, 2023)
SECURITY:
- Upgrade to use Go 1.20.8. This resolves CVEs
CVE-2023-39320 (cmd/go
),
CVE-2023-39318 (html/template
),
CVE-2023-39319 (html/template
),
CVE-2023-39321 (crypto/tls
), and
CVE-2023-39322 (crypto/tls
) [GH-18742]
IMPROVEMENTS:
- Adds flag -append-filename (which works on values version, dc, node and status) to consul snapshot save command.
Adding the flag -append-filename version,dc,node,status will add consul version, consul datacenter, node name and leader/follower
(status) in the file name given in the snapshot save command before the file extension. [GH-18625] - Reduce the frequency of metric exports from Consul to HCP from every 10s to every 1m [GH-18584]
- api: Add support for listing ACL tokens by service name. [GH-18667]
- checks: It is now possible to configure agent TCP checks to use TLS with
optional server SNI and mutual authentication. To use TLS with a TCP check, the
check must enable thetcp_use_tls
boolean. By default the agent will use the
TLS configuration in thetls.default
stanza. [GH-18381] - command: Adds -since flag in consul debug command which internally calls hcdiag for debug information in the past. [GH-18797]
- log: Currently consul logs files like this consul-{timestamp}.log. This change makes sure that there is always
consul.log file with the latest logs in it. [GH-18617]
BUG FIXES:
- Inherit locality from services when registering sidecar proxies. [GH-18437]
- UI : Nodes list view was breaking for synthetic-nodes. Fix handles non existence of consul-version meta for node. [GH-18464]
- api: Fix
/v1/agent/self
not returning latest configuration [GH-18681] - ca: Vault provider now cleans up the previous Vault issuer and key when generating a new leaf signing certificate [GH-18779] [GH-18773]
- check: prevent go routine leakage when existing Defercheck of same check id is not nil [GH-18558]
- connect: Fix issue where Envoy endpoints would not populate correctly after a snapshot restore. [GH-18636]
- gateways: Fix a bug where gateway to service mappings weren't being cleaned up properly when externally registered proxies were being deregistered. [GH-18831]
- telemetry: emit consul version metric on a regular interval. [GH-18724]